CVE-2019-14563: Incorrect Conversion between Numeric Types in Linux

Severity: 7.8 HIGH (NVD)
EPSS: 0.1% (top 83.06%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 23
Latest update: May 24

Description

Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (1 package)

Debian: tianocore/edk2 < 0~20200229.4c0f6e34-1+3

Also affects: Debian Linux 9.0

🔴 Vulnerability Details (3)

GHSA: GHSA-5q44-mpwv-jf5p: Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access (2022-05-24)
OSV: CVE-2019-14563: Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access (2020-11-23)
CVEList: CVE-2019-14563: Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access (2020-11-23)

📋 Vendor Advisories (3)

Ubuntu: EDK II vulnerabilities (2020-04-30)
Red Hat: edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib (2020-02-05)
Debian: CVE-2019-14563: edk2 - Integer truncation in EDK II may allow an authenticated user to potentially enab... (2019)

💬 Community (3)

Bugzilla: CVE-2019-14563 edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib [fedora-all] (2020-02-10)
Bugzilla: CVE-2019-14563 edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib [epel-all] (2020-02-10)
Bugzilla: CVE-2019-14563 edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib (2019-10-04)
CVE-2019-14563 — Debian Linux vulnerability | cvebase